Skip to content

Instantly share code, notes, and snippets.

@hellman

hellman/0writeup.ipynb

Last active Oct 24, 2020
Embed
What would you like to do?
RCTF 2020 - infantECC
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
from Crypto.Util.number import getStrongPrime, bytes_to_long, long_to_bytes
from hashlib import sha256
flag = open("flag.txt","rb").read()
p=getStrongPrime(512)
q=getStrongPrime(512)
R=Zmod(p*q)
Mx=R.random_element()
My=R.random_element()
b=My^2-Mx^3
E=EllipticCurve(R, [0,b])
Ep=EllipticCurve(GF(p), [0,b])
Eq=EllipticCurve(GF(q), [0,b])
Ecard=Ep.cardinality()*Eq.cardinality()
r=random_prime((p^^q)>>100)
s=inverse_mod(r, Ecard)
print((s,b))
print(s*E(Mx,My))
print(randint(0,Ecard)*E(Mx,My))
print(r^^(bytes_to_long(sha256(long_to_bytes(Mx)).digest())^^bytes_to_long(flag))<<256)
@hellman

This comment has been minimized.

Copy link
Owner Author

@hellman hellman commented Jun 2, 2020

A lot of weird stuff going on!

@hellman

This comment has been minimized.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment